SafeMode - Analysis: icasino.click

EN ES PT

Back to Stats

Captura Visual

No screenshot available

Informações de Detecção

https://icasino.click/

Detected Brand

Unknown

Country

International

Confiança

100%

HTTP Status

200

Report ID

660f8633-815…

Analyzed

2026-02-08 18:37

Hashes de Conteúdo (Similaridade HTML)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T1E8E229B4A230D335B1C247E8DA6425687A5FE1DDD3C695B4E388AF11B0D6CE8D9260CF
CONTENT ssdeep	384:4rAneugTTRhiXkdvNTDhPhLxeAxeDWNW1Tp34PxeeJEmuW3As6MRW0Md:4rAneuOhhPhleMeDGCSPxeeWmHZW

Hashes Visuais (Similaridade de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	c4333fbc68984b78
VISUAL aHash	00206070f0f0f2f0
VISUAL dHash	4ccccac181c4c4e5
VISUAL wHash	806660f0f0fcfef0
VISUAL colorHash	31e00008000
VISUAL cropResistant	b261e4e4b2b3a969,80100c4c4c081000,4ccccac181c4c4e5,c7e68657872d3932

Análise de Código

Risk Score 100/100

Nível de Ameaça ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Card Stealer 🎣 Banking 🎣 Personal Info

WebSocket C2

🔬 Threat Analysis Report

• Ameaça: Phishing
• Alvo: Usuários desavisados
• Método: Coleta de credenciais
• Exfil: wss://gambler-work.com/api/ws
• Indicadores: Domínio suspeito, formulário de registro, promessas de recompensas.
• Risco: ALTO

🔒 Obfuscation Detected

atob
eval
fromCharCode
unescape
unicode_escape
base64_strings

🎯 Kit Endpoints

http://developers.facebook.com/policy/].
https://icasino.click/_next/static/chunks/63712-08d55a4030f898f7.js
https://crypto.sardine.ai/buy
https://icasino.click/_next/static/chunks/92148-6f19ac7166461fa8.js
https://react.dev/link/hydration-mismatch
https://icasino.click/_next/static/chunks/58211-d9d578b8de9e3293.js
https://qa.meldcrypto.com/
https://icasino.click/_next/static/chunks/main-app-fef4a8898ec7782a.js
https://connect.facebook.net/en_US/fbevents.js
http://localhost:3001
https://icasino.click/_next/static/chunks/53331-ed5951db58e70abe.js
https://icasino.click/_next/static/chunks/53090-a64743b05c92b22e.js
https://gambler-work.com/api
https://gambler-work.com/payser
https://react.dev/errors/
https://guarda.com/buy/
https://www.facebook.com/privacy_sandbox/topics/registration/
https://www.facebook.com/tr/
https://ramp.network/buy
https://exchange.mercuryo.io/
https://icasino.click/_next/static/chunks/53069-c3a95b8ce62cca48.js
https://changelly.com/buy-crypto
https://openocean.banxa.com/
https://www.moonpay.com/buy/btc
https://nextjs.org/docs/messages/react-hydration-error
https://icasino.click/_next/static/chunks/app/not-found-e862b646e1cb1951.js
https://changenow.io/buy/bitcoin
https://icasino.click/_next/static/chunks/49080-aa8410705e183b35.js
https://global.transak.com/
https://icasino.click/_next/static/chunks/34230-e87c8d35c9fa1ab6.js

📡 API Calls Detected

POST
GET

📊 Detalhamento da Pontuação de Risco

Total Risk Score

90/100

Contributing Factors

Suspicious Domain

Domain name does not appear to be affiliated with any known brand and is recently registered.

Registration form

The page includes a form requesting email and password which is a common credential harvesting technique.

JavaScript Obfuscation

Javascript obfuscation is being used. This makes it more difficult to analyze.

Free Reward Claim

The page offers "free reward", which is typical of phishing campaigns

🔬 Análise Integral de Ameaças

Tipo de Ameaça

Banking Credential Harvester

Alvo

General public

Método de Ataque

real-time WebSocket exfiltration + obfuscated JavaScript

Canal de Exfiltração

WebSocket (1 endpoints)

Avaliação de Risco

CRITICAL - Automated credential harvesting with WebSocket (1 endpoints)

⚠️ Indicators of Compromise

Kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info
148 obfuscation techniques

🏢 Análise de Falsificação de Marca

Impersonated Brand

Unknown

Fake Service

Casino

Fraudulent Claims

⚔️ Metodologia de Ataque

Primary Method: Credential Harvesting

The site uses a form to phish for user credentials (email and password).

🌐 Indicadores de Compromisso de Infraestrutura

🦠 Malicious Files

Main File

fbevents.js

File Size

🔬 JavaScript Deep Analysis

Operator Language

English (1%)

Sophistication Level

Basic

Total Code Size

1017,1 KB

🔗 API Endpoints Detected

Other

25

Backend API

1

WebSocket (Real-time)

1

🔐 Obfuscation Detected

: Moderate
: Moderate
: Moderate
: None
: Light
: Light
: Light
: Light
: Light
: Light
: None
: Light
: Light
: Light
: Light
: Light
: Light
: Light
: Light

🤖 AI-Extracted Threat Intelligence

🎯 Malicious Files Identified

Main Drainer

fbevents.js

File Size

1018KB

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot

https://jackpotplay.bond/

https://spin-games.cc

https://heavengame.space

https://raxbet.cc

Screenshot

https://chansino.com

😰

"Nunca pensei que aconteceria comigo"

Isso dizem os 2,3 milhões de vítimas a cada ano. Não espere para ser uma estatística.